According to the CloudFormation documentation you cannot parameterize the retention (DeletionPolicy) of resources. That creates a problem if you use the same stack and nested templates for production and development. For production you want to set retention on all resources that contain critical data; as mentioned, CloudFormation will not delete S3 buckets that are not [...]
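The usual workaround, shown here as an added example rather than code from the post (the Environment parameter, the condition names and the bucket properties are my own assumptions), is to declare the resource twice under mutually exclusive Conditions, each copy with a fixed DeletionPolicy, and to select the live copy with Fn::If wherever it is referenced:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  One template for dev and prod (hypothetical example). DeletionPolicy cannot
  be parameterized, so the data bucket is declared twice under mutually
  exclusive conditions, each copy with a fixed policy.

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev

Conditions:
  IsProd: !Equals [!Ref Environment, prod]
  IsNotProd: !Not [!Equals [!Ref Environment, prod]]

Resources:
  # Exists only in prod: survives stack deletion and resource replacement.
  DataBucketRetained:
    Type: AWS::S3::Bucket
    Condition: IsProd
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Exists only outside prod: torn down with the stack. Keep the Properties
  # identical to the retained copy so both environments behave the same.
  DataBucketEphemeral:
    Type: AWS::S3::Bucket
    Condition: IsNotProd
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

Outputs:
  # Consumers (nested stacks, other resources) only ever see the live copy;
  # Fn::If evaluates just the selected branch, so the missing resource is
  # never referenced.
  DataBucketName:
    Value: !If [IsProd, !Ref DataBucketRetained, !Ref DataBucketEphemeral]
  DataBucketArn:
    Value: !If
      - IsProd
      - !GetAtt DataBucketRetained.Arn
      - !GetAtt DataBucketEphemeral.Arn
```

Two things to check when using this pattern: the two Properties blocks must stay identical, or dev stops being a faithful copy of prod, and UpdateReplacePolicy: Retain is as important as DeletionPolicy: Retain, because a property change that forces replacement would otherwise delete the old bucket together with its data. No BucketName is set on purpose: a retained bucket keeps its name after the stack is gone, and a re-created stack with the same explicit name would fail until the old bucket is removed or imported. The same two-resource pairing works for RDS, with DeletionPolicy: Snapshot on the production copy.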

LaunchConfiguration MetaData

If you use the metadata of the LaunchConfiguration to its full extent (AWS::CloudFormation::Init and friends), you will sooner or later run into the problem that your changes do not trigger an update. CloudFormation compares the properties of the LaunchConfiguration to decide whether a replacement or an in-place update is needed; it ignores changes in the Metadata section. A [...]


If you need SFTP, and a lot of integrations still seem to require it, create an S3-backed SFTP instance (LaunchConfiguration/Auto Scaling group) using s3fs. It is very simple and makes your SFTP server ephemeral, because all SFTP data lives in S3 rather than on the instance. Give the instance an IAM role scoped to that one bucket instead of putting static access keys in a passwd-s3fs file, and chroot the SFTP users to their directories inside the mount. Install (Fn::Sub… omitted): Configure (Fn::Sub… omitted): Fn::Sub vs. Fn::Join [...]

Think Cloud Native – Think Ephemeral

Develop your solutions so that you never have to touch anything except CloudFormation. If you have bastion hosts or other jobs that run maintenance tasks, script them and include the respective scripts in the metadata of your LaunchConfigurations. If you need to make changes at runtime, make them directly in your CloudFormation templates. Use LaunchConfigurations [...]
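The two LaunchConfiguration posts above, metadata changes that do not trigger an update and maintenance scripts that live in the metadata, come down to one template pattern. The following is an added example and not code from the posts; the ConfigVersion parameter, the nightly cleanup job, the resource names and the IAM policy are my own assumptions, and the AMI is assumed to ship the cfn-init/cfn-signal helper scripts:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  LaunchConfiguration driven entirely by AWS::CloudFormation::Init metadata
  (hypothetical example). ConfigVersion is echoed into UserData so that a
  metadata change, which CloudFormation ignores on its own, still replaces
  the LaunchConfiguration and rolls the group.

Parameters:
  ConfigVersion:
    Type: String
    Default: '1'
    Description: Bump this whenever the Metadata below changes.
  ImageId:
    Type: AWS::EC2::Image::Id
    Description: AMI with the cfn-init/cfn-signal helper scripts installed.
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  # Least privilege for the helper scripts: they only read and signal
  # resources of this stack, nothing else.
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: cfn-helpers
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - cloudformation:DescribeStackResource
                  - cloudformation:SignalResource
                Resource: !Ref AWS::StackId
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]

  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            # The maintenance job is defined in the template, not on the box.
            /usr/local/bin/nightly-cleanup.sh:
              content: |
                #!/bin/bash -e
                find /var/tmp -type f -mtime +7 -delete
              mode: '000750'
              owner: root
              group: root
            /etc/cron.d/nightly-cleanup:
              content: |
                15 2 * * * root /usr/local/bin/nightly-cleanup.sh
              mode: '000644'
              owner: root
              group: root
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref InstanceProfile
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # config-version: ${ConfigVersion}
          # The line above is the only reason a Metadata-only edit reaches
          # the instances: a new ConfigVersion changes UserData, UserData is
          # a property, and a changed property replaces the LaunchConfiguration.
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} \
              --resource LaunchConfig --region ${AWS::Region}
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} \
              --resource AutoScalingGroup --region ${AWS::Region}

  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    # Replacing the LaunchConfiguration rolls the instances one at a time
    # and waits for each new instance to signal that cfn-init succeeded.
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: 1
        MaxBatchSize: 1
        PauseTime: PT10M
        WaitOnResourceSignals: true
    Properties:
      LaunchConfigurationName: !Ref LaunchConfig
      VPCZoneIdentifier: !Ref SubnetIds
      MinSize: '1'
      MaxSize: '2'
      DesiredCapacity: '1'
```

If you would rather apply metadata changes in place than roll the instances, run cfn-hup on the instances with a hook on Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init that re-runs cfn-init; the ConfigVersion trick is the one to use when the change has to produce fresh instances, which is also what keeps the servers ephemeral. Either way, the IAM policy stays scoped to the stack ARN; a wildcard cloudformation:* on instances is a common and unnecessary over-grant.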


If you really want to hurt your business, go Azure. I did it once and am not planning to repeat that exercise of constantly banging my head against the wall. Azure is just not ready for prime time: services you need are not (fully) supported by resource templates, the syntax is unbelievably bad, certain things [...]


Make sure your stacks delete properly. AWS usually takes care of this for you, but a few things are awkward: CloudFormation cannot delete S3 buckets or Elastic Container Registry repositories that are not empty, while it removes RDS instances without complaint (so put DeletionPolicy Snapshot or Retain on any database you care about). You want to augment your CloudFormation setup with a few AWS CLI scripts [...]

CloudFormation Parameters

Parameters are important for customizing your (ideally general) templates. Some argue that parameters are limiting when it comes to customization; I don't agree: you can pass them in via defaults or from the AWS CLI when you create or update stacks. A very clever approach is a layered design as follows [...]

CloudFormation Nesting

Design nested templates that focus on core functionality and let you assemble entire stacks from them. Do NOT develop nested templates focused on a specific system. For example, you could create a nested template for the network components of a specific stack; once you bake in such specifics you will not be able to [...]


When your destination MS SQL Server is on RDS and you do not want to use the master (root) account provided by AWS for replication, we recommend the following script (it differs for source and destination servers)…